To evaluate anything we can't prove using pure mathematics or logical syllogism, we must test hypotheses by performing controlled experiments to generate measurable, empirical data. But today's computer security researchers often claim "proof" without following this approach. Failure to follow the scientific method rigorously can create problems. This article presents a method for scientific experimentation when others aren't appropriate or can't be readily applied. The goal is to further motivate researchers to apply science to experiments and, in concert with the authors' earlier work, offer a new technique for doing so.